Accessing SharePoint Data using Postman (SharePoint REST API)

5 min readAug 14, 2018


In this series of posts, I will be explaining a couple of ways to access SharePoint data using Postman.

  1. Using an Azure AD app via Graph API
  2. Using the SharePoint App Registration (this post)

These approaches will allow us to test the APIs using Postman before we can use them in development.

In both approaches we first start by creating an app and then use the credentials of that app to get the access token. Once we get the access token we use that in the HTTP request to get the required data.

This post will cover accessing SharePoint data via SharePoint REST API

SharePoint App Registration

To register an app in SharePoint navigate to the “New App Registration” page. The URL of that page will be similar to

Fill the details in that page as per the following table and click “Create”.

Copy the generated Client Id and Client Secret into notepad (or any of your favorite editor) as we will need these later.

Now that the app is registered we need to provide the app with some permissions so that it can access data. In order to do that, navigate to the “appinv.aspx” page (with which you can grant permissions to an app). The URL of that page will be similar to the one below

In that page, paste the Client Id in the “App Id” text box and click on “Lookup”. This will load the details of the app we registered previously

AppInv.aspx with app details

In the “Permission Request XML” paste the following XML. This XML says that the app can have full control over the current web (which is all I need for this case). If you need to give different permissions then please take a look at this article by Microsoft.

Once that is added click on “Create”. In the next screen click on “Trust It” and this will mean that the app will have the required permissions.

Trust the SharePoint App

That completes the SharePoint related bits. Now to Postman.


If you have followed my previous post, then you would have created a Postman environment already. If not please go ahead and create one.

In that environment lets add the following variables

For more information on “Principal” please follow this article.

Postman variables for SharePoint App

Access Token Request

After the variables are set up, it’s time to send a POST request to get the token. Create a new request in Postman, name it as “Get Access Token For SP Rest” and change it’s request type to “POST”.

The URL will be{{realm}}/tokens/OAuth/2

{{realm}} is an environment variable. So when we send the request {{realm}} will be replaced with the value we specified earlier.

Click on the “Body” tab of the request and add the following Key Value pairs

Body for getting access token

Now click on “Tests” tab in the request and add the following javascript.

var json = JSON.parse(responseBody);
postman.setEnvironmentVariable("appReg_bearerToken", json.access_token);

This code runs after the request is made. It extracts the “access token” from the response, creates an environment variable called “appReg_bearerToken” and assigns it’s value to the retrieved access token.

Storing the access token in the environment

The request is now composed, save it and click on “Send”. This will provide the json response which has access token in it.

Sending the request

This should have created a variable called “appReg_bearerToken” in the environment and assigned the value of it to the retrieved token. You can verify that by looking at the environment variables.

Getting List Items

We are now ready to make the request to get the list items. To do that create a new GET request in Postman with the name “Get List Items Using SP REST”. The URL will be similar to'ListTitle')/items?$select=Title

If needed you can create an environment variable to hold the name of the tenant

This should return all the items in the list with their title.

To specify the access token for the request, click on the “Headers” tab and add the following

Headers for Get Items request

The request is now composed. Save it and click send. This will return a json response (similar to the one shown below) which will have the list item details.

If there is an error related to token, then please run the token request once again and then re-send the list item request.

You can modify the query in the request as per your need to get other data.

You can also skip the “Get Access Token For SP Rest” request in Postman and use the powerful PnP PowerShell command let Get-PnPAppAuthAccessToken.

Executing the above PowerShell script will copy the Access Token to clipboard which can then be used in the authorization header of the Postman request “Get List Items Using SP REST”.




Microsoft MVP. M365 Developer Architect at Content+Cloud.